summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch65
-rw-r--r--meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb1
2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
new file mode 100644
index 0000000000..4836dbc2ac
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2016-2774.patch
@@ -0,0 +1,65 @@
+From b9f56d578ebfd649b5d829960540859ac6ca931c Mon Sep 17 00:00:00 2001
+From: Catalin Enache <catalin.enache@windriver.com>
+Date: Tue, 12 Apr 2016 18:23:31 +0300
+Subject: [PATCH] Add patch to limit the value of an fd we accept for a
+ connection.
+
+By limiting the highest value we accept for an fd we limit the number
+of connections.
+
+Upstream-Status: Backport
+CVE: CVE-2016-2774
+
+Author: Shawn Routhier <sar@isc.org>
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ includes/site.h | 6 ++++++
+ omapip/listener.c | 9 +++++++--
+ 3 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/includes/site.h b/includes/site.h
+index 9c33de3..df020c8 100644
+--- a/includes/site.h
++++ b/includes/site.h
+@@ -290,6 +290,12 @@
+ this option will be removed at some time. */
+ /* #define INCLUDE_OLD_DHCP_ISC_ERROR_CODES */
+
++/* Limit the value of a file descriptor the serve will use
++ when accepting a connecting request. This can be used to
++ limit the number of TCP connections that the server will
++ allow at one time. A value of 0 means there is no limit.*/
++#define MAX_FD_VALUE 200
++
+ /* Include definitions for various options. In general these
+ should be left as is, but if you have already defined one
+ of these and prefer your definition you can comment the
+diff --git a/omapip/listener.c b/omapip/listener.c
+index 8bdcdbd..61473cf 100644
+--- a/omapip/listener.c
++++ b/omapip/listener.c
+@@ -3,7 +3,7 @@
+ Subroutines that support the generic listener object. */
+
+ /*
+- * Copyright (c) 2012,2014 by Internet Systems Consortium, Inc. ("ISC")
++ * Copyright (c) 2012,2014,2016 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 1999-2003 by Internet Software Consortium
+ *
+@@ -233,7 +233,12 @@ isc_result_t omapi_accept (omapi_object_t *h)
+ return ISC_R_NORESOURCES;
+ return ISC_R_UNEXPECTED;
+ }
+-
++
++ if ((MAX_FD_VALUE != 0) && (socket > MAX_FD_VALUE)) {
++ close(socket);
++ return (ISC_R_NORESOURCES);
++ }
++
+ #if defined (TRACING)
+ /* If we're recording a trace, remember the connection. */
+ if (trace_record ()) {
+--
+2.7.4
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
index 970617ff92..4e8cd272b8 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.3.bb
@@ -8,6 +8,7 @@ SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
file://replace-ifconfig-route.patch \
file://CVE-2015-8605.patch \
file://0001-site.h-enable-gentle-shutdown.patch \
+ file://CVE-2016-2774.patch \
"
SRC_URI[md5sum] = "c5577b09c9017cdd319a11ff6364268e"